2018-10-29

sshfs for sharing files

if you do not need access to the files when you are offline (or alternatively do not mind writing an rsync script) this solution might be for you. it only dawned upon me after having looked at several big software alternatives like owncloud. the answer is sshfs. using this you can mount a remote directory, which can be on encrypted space. file changes are immediately applied on the server. downsides are the same as with other self-hosted solutions: you have to manage the backups, server availability and the software. for just serving files, for example media in a home network, it might be easier and sufficient to use an http server with autoindex and some additional security mechanism

how to

on the server

create a dedicated user without a default shell and without any password

useradd shared --home-dir /home --shell /bin/false

for some reason only using /home directly worked for me. sshd changes the directory automatically to /home/shared on login

mkdir /home/shared
chown root:root /home/shared
chmod 755 /home/shared

this owner and these permissions are the only ones that worked for me, perhaps necessary for the chroot

in /etc/sshd_config

AuthorizedKeysFile /etc/ssh/authorized_keys/%u
Match User shared
  ChrootDirectory /home/shared
  ForceCommand internal-sftp

configure a chroot for the user, which is supposed to prevent the user from seeing and accessing files outside the specified directory. because i do not have the authorized_keys file in the home directory of the shared user, i store them in a directory /etc/ssh/authorized_keys, with one file per user. this is for enabling password-less, key-based login

mkdir /etc/ssh/authorized_keys
chmod 755 /etc/ssh/authorized_keys

then add public keys in that directory, named like the corresponding users. the directory and the files therein must be accessible by the users, each file only by the user it is for

authorized_keys/
  otheruser  shared
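
a check for the owner and permission requirement on the chroot directory, as an added example that is not part of the original post (function names, the script name and the optional UID and TOP arguments are made up here, and GNU stat is assumed). sshd checks every directory on the ChrootDirectory path for root ownership and no group or other write permission, so the script walks from the given directory up to /

```shell
#!/bin/sh
# added example, not from the original post; assumes GNU stat (linux)
# sshd only accepts a ChrootDirectory if every directory on its path is owned
# by root and not writable by group or others. this reports the offender.

# check_component DIR [UID]: test one directory (UID defaults to 0, root)
check_component() {
    c_dir=$1
    c_uid=${2:-0}
    if [ ! -d "$c_dir" ]; then
        echo "FAIL $c_dir: not a directory"
        return 1
    fi
    set -- $(stat -c '%u %a' "$c_dir")   # numeric owner, octal mode
    if [ "$1" != "$c_uid" ]; then
        echo "FAIL $c_dir: owner uid $1, expected $c_uid"
        return 1
    fi
    if [ $(( 0$2 & 022 )) -ne 0 ]; then
        echo "FAIL $c_dir: mode $2 is writable by group or others"
        return 1
    fi
    echo "ok   $c_dir (uid $1, mode $2)"
}

# check_chroot_path DIR [UID] [TOP]: walk from DIR up to TOP (default /)
check_chroot_path() {
    p_dir=$1
    p_uid=${2:-0}
    p_top=${3:-/}
    p_rc=0
    case $p_dir in
        /*) ;;
        *) echo "FAIL $p_dir: need an absolute path"; return 2 ;;
    esac
    while :; do
        check_component "$p_dir" "$p_uid" || p_rc=1
        if [ "$p_dir" = "$p_top" ] || [ "$p_dir" = "/" ]; then
            break
        fi
        p_dir=$(dirname "$p_dir")
    done
    return $p_rc
}

# usage: sh check-chroot.sh /home/shared
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```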

on the client

create or designate an ssh key and change the file name to have the username of the shared remote user at the end. this is so that ssh can select the right ssh key automatically when logging in and the path does not have to be specified

.ssh/
  config
  testserver.shared
  testserver.shared.pub
  testserver.otheruser
  testserver.otheruser.pub

in ~/.ssh/config

Host testserver
User shared
IdentityFile ~/.ssh/testserver.%r

the placeholder %r will be replaced by ssh with the username, which is either the username given explicitly on the command line, the user configured in .ssh/config or the current user if none is configured

mount the remote directory

sshfs shared@testserver:/ /home/nonroot/mnt/shared@testserver

i had some issues with finding the right path on the server to mount because of the chroot. the chroot and mount paths might require some tweaking

mount-sshfs-home

mount-sshfs-home from sph-script makes mounting with sshfs easier

usage example

mount-sshfs-home shared@testserver --path=/

the benefit here is that the local mount directory is automatically selected, created and removed in the home directory under mnt/shared@testserver/